Add command line option to disable SSL/TLS

Closes ONAP-508

Change-Id: If6c3935ede7b00dea9b36747c6cd1422c1c8d330
Signed-off-by: kjaniak <kornel.janiak@nokia.com>
Issue-ID: DCAEGEN2-601

4 files changed, 75 insertions, 36 deletions

diff --git a/hv-collector-core/pom.xml b/hv-collector-core/pom.xml
index 18657316..cf99867f 100644
--- a/hv-collector-core/pom.xml
+++ b/hv-collector-core/pom.xml
@@ -83,6 +83,10 @@
             <artifactId>arrow-effects</artifactId>
         </dependency>
         <dependency>
+            <groupId>io.arrow-kt</groupId>
+            <artifactId>arrow-core</artifactId>
+        </dependency>
+        <dependency>
             <groupId>io.projectreactor</groupId>
             <artifactId>reactor-core</artifactId>
         </dependency>
diff --git a/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/NettyTcpServer.kt b/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/NettyTcpServer.kt
index e9985766..61e1ebff 100644
--- a/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/NettyTcpServer.kt
+++ b/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/NettyTcpServer.kt
@@ -19,7 +19,9 @@
  */
 package org.onap.dcae.collectors.veshv.impl.socket
 
+import arrow.core.Option
 import arrow.effects.IO
+import io.netty.handler.ssl.SslContext
 import org.onap.dcae.collectors.veshv.boundary.CollectorProvider
 import org.onap.dcae.collectors.veshv.boundary.Server
 import org.onap.dcae.collectors.veshv.boundary.ServerHandle
@@ -54,8 +56,9 @@ internal class NettyTcpServer(private val serverConfig: ServerConfiguration,
     }
 
     private fun configureServer(opts: ServerOptions.Builder<*>) {
+        val sslContext: Option<SslContext> = sslContextFactory.createSslContext(serverConfig.securityConfiguration)
+        if (sslContext.isDefined()) opts.sslContext(sslContext.orNull())
         opts.port(serverConfig.port)
-        opts.sslContext(sslContextFactory.createSslContext(serverConfig.securityConfiguration))
     }
 
     private fun handleConnection(nettyInbound: NettyInbound): Mono<Void> {
diff --git a/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactory.kt b/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactory.kt
index b6fb1cf8..0dce0d61 100644
--- a/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactory.kt
+++ b/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactory.kt
@@ -19,6 +19,9 @@
  */
 package org.onap.dcae.collectors.veshv.impl.socket
 
+import arrow.core.None
+import arrow.core.Option
+import arrow.core.Some
 import io.netty.handler.ssl.ClientAuth
 import io.netty.handler.ssl.SslContext
 import io.netty.handler.ssl.SslContextBuilder
@@ -27,11 +30,15 @@ import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
 
 
 internal open class SslContextFactory {
-    fun createSslContext(secConfig: SecurityConfiguration): SslContext =
-            createSslContextWithConfiguredCerts(secConfig)
-                    .sslProvider(SslProvider.OPENSSL)
-                    .clientAuth(ClientAuth.REQUIRE)
-                    .build()
+    fun createSslContext(secConfig: SecurityConfiguration): Option<SslContext> =
+            if (secConfig.sslDisable) {
+                Option.empty()
+            } else {
+                Option.just(createSslContextWithConfiguredCerts(secConfig)
+                        .sslProvider(SslProvider.OPENSSL)
+                        .clientAuth(ClientAuth.REQUIRE)
+                        .build())
+            }
 
     protected open fun createSslContextWithConfiguredCerts(secConfig: SecurityConfiguration): SslContextBuilder =
             SslContextBuilder.forServer(secConfig.cert.toFile(), secConfig.privateKey.toFile())
diff --git a/hv-collector-core/src/test/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactoryTest.kt b/hv-collector-core/src/test/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactoryTest.kt
index 26a25d33..deb4e183 100644
--- a/hv-collector-core/src/test/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactoryTest.kt
+++ b/hv-collector-core/src/test/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactoryTest.kt
@@ -20,15 +20,17 @@
 package org.onap.dcae.collectors.veshv.impl.socket
 
 import io.netty.handler.ssl.ClientAuth
-import io.netty.handler.ssl.OpenSslServerContext
 import io.netty.handler.ssl.ReferenceCountedOpenSslContext
 import io.netty.handler.ssl.SslContextBuilder
 import org.assertj.core.api.Assertions.assertThat
 import org.jetbrains.spek.api.Spek
 import org.jetbrains.spek.api.dsl.describe
+import org.jetbrains.spek.api.dsl.given
 import org.jetbrains.spek.api.dsl.it
+import org.jetbrains.spek.api.dsl.on
 import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
 import java.nio.file.Paths
+import kotlin.test.assertTrue
 
 /**
  * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
@@ -36,43 +38,66 @@ import java.nio.file.Paths
  */
 object SslContextFactoryTest : Spek({
     describe("SslContextFactory") {
-        val sampleConfig = SecurityConfiguration(
-                privateKey = Paths.get("/", "tmp", "pk.pem"),
-                cert = Paths.get("/", "tmp", "cert.crt"),
-                trustedCert = Paths.get("/", "tmp", "clientCa.crt"))
+        given("config without disabled SSL") {
+            val sampleConfig = SecurityConfiguration(
+                    privateKey = Paths.get("/", "tmp", "pk.pem"),
+                    cert = Paths.get("/", "tmp", "cert.crt"),
+                    trustedCert = Paths.get("/", "tmp", "clientCa.crt"))
 
-        val cut = object : SslContextFactory() {
-            var actualConfig: SecurityConfiguration? = null
-            override fun createSslContextWithConfiguredCerts(secConfig: SecurityConfiguration): SslContextBuilder {
-                actualConfig = secConfig
-                return SslContextBuilder.forServer(resource("/ssl/ca.crt"), resource("/ssl/server.key"))
+            val cut = object : SslContextFactory() {
+                override fun createSslContextWithConfiguredCerts(secConfig: SecurityConfiguration): SslContextBuilder {
+                    return SslContextBuilder.forServer(resource("/ssl/ca.crt"), resource("/ssl/server.key"))
+                }
+
+                private fun resource(path: String) = SslContextFactoryTest.javaClass.getResourceAsStream(path)
             }
 
-            private fun resource(path: String) = SslContextFactoryTest.javaClass.getResourceAsStream(path)
-        }
+            on("creation of SSL context") {
+                val result = cut.createSslContext(sampleConfig)
 
-        val result = cut.createSslContext(sampleConfig)
+                it("should be server context") {
+                    assertTrue(result.exists {
+                        it.isServer
+                    })
+                }
 
-        it("should be server context") {
-            assertThat(result.isServer).isTrue()
-        }
+                it("should use OpenSSL provider") {
+                    assertTrue(result.isDefined())
+                }
 
-        it("should use OpenSSL provider") {
-            assertThat(result).isInstanceOf(OpenSslServerContext::class.java)
+                /*
+                 * It is too important to leave it untested on unit level.
+                 * Because of the Netty API design we need to do it this way.
+                 */
+                it("should turn on client authentication") {
+                    val clientAuth: ClientAuth = ReferenceCountedOpenSslContext::class.java
+                            .getDeclaredField("clientAuth")
+                            .run {
+                                isAccessible = true
+                                get(result.orNull()) as ClientAuth
+                            }
+                    assertThat(clientAuth).isEqualTo(ClientAuth.REQUIRE)
+                }
+            }
         }
 
-        /*
-         * It is too important to leave it untested on unit level.
-         * Because of the Netty API design we need to do it this way.
-         */
-        it("should turn on client authentication") {
-            val clientAuth: ClientAuth = ReferenceCountedOpenSslContext::class.java
-                    .getDeclaredField("clientAuth")
-                    .run {
-                        isAccessible = true
-                        get(result) as ClientAuth
-                    }
-            assertThat(clientAuth).isEqualTo(ClientAuth.REQUIRE)
+        given("config with SSL disabled") {
+            val securityConfiguration = SecurityConfiguration(
+                    sslDisable = true,
+                    privateKey = Paths.get("sample", "key"),
+                    cert = Paths.get("sample", "cert"),
+                    trustedCert = Paths.get("/", "sample", "trusted", "cert")
+            )
+            val cut = SslContextFactory()
+
+            on("creation of SSL context") {
+                val result = cut.createSslContext(securityConfiguration)
+
+                it("should not create any SSL context ") {
+                    assertThat(result.isDefined()).isFalse()
+                }
+            }
         }
+
     }
 })